Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/W7eXyRRRvUOTs4p0IcZC7wBewUU.roa
File:                     W7eXyRRRvUOTs4p0IcZC7wBewUU.roa (raw, json)
Hash identifier:          cw0ijJMa6OW2yg3Z57fQFCHd6x9r0fjQldyabQaHj1s=
Subject key identifier:   5B:B7:97:C9:14:51:BD:43:93:B3:8A:74:21:C6:42:EF:00:5E:C1:45
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7952793B8E92C694458AE787AF9ECB7
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/W7eXyRRRvUOTs4p0IcZC7wBewUU.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62019
IP address blocks:        2.58.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 16:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:27:93:b8:e9:2c:69:44:58:ae:78:7a:f9:ec:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bb797c91451bd4393b38a7421c642ef005ec145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2c:c6:e8:e0:78:77:01:0f:c8:bd:a5:04:34:
                    24:94:39:91:50:00:3c:1d:74:8e:f8:76:ef:5f:d8:
                    48:be:c9:a0:f2:e9:10:20:a5:77:6f:02:68:92:42:
                    b7:cf:1c:be:84:72:ef:57:94:a5:c5:40:2a:2b:09:
                    d5:22:c6:db:6d:f2:0a:75:f6:fc:bb:d9:ba:60:80:
                    c0:63:22:fc:b0:4e:04:98:09:ef:87:e5:80:3e:84:
                    11:0e:b9:18:86:f0:07:e1:25:44:a1:27:81:d6:36:
                    62:27:ae:b7:8d:60:60:32:35:dd:cc:e4:e8:33:b1:
                    89:de:6b:47:93:f4:f2:33:64:8d:ee:0c:9e:e7:7a:
                    70:8a:df:12:c9:2c:1c:55:46:52:40:0a:e7:be:ac:
                    f7:d5:c5:e9:16:ab:58:05:a7:38:f6:31:ed:ca:2e:
                    64:c4:63:e4:b6:49:80:84:16:72:05:37:1e:d6:47:
                    65:64:58:c3:b8:7b:84:50:ed:f7:d8:28:6e:b4:67:
                    dc:e5:58:44:25:29:bb:35:31:34:c0:fd:98:5d:47:
                    4a:0c:09:fb:40:ac:c4:04:0d:30:46:37:d9:32:e8:
                    4d:d9:5d:1f:c5:9b:06:1a:19:70:07:f4:dc:d3:24:
                    79:32:56:66:1c:9d:57:82:d2:31:a0:f9:5e:20:46:
                    e4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B7:97:C9:14:51:BD:43:93:B3:8A:74:21:C6:42:EF:00:5E:C1:45
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/W7eXyRRRvUOTs4p0IcZC7wBewUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:d9:79:91:1f:09:32:8a:94:85:91:15:12:48:de:12:7a:13:
         ac:83:99:01:7b:a4:4b:b6:4c:6d:fe:28:b5:d3:0b:6a:c6:56:
         a3:cc:b4:a7:61:83:9f:00:5a:8b:05:a9:4f:62:9b:d3:fe:ff:
         53:8d:92:0d:2e:d1:c3:9a:69:9a:f9:ae:ef:e5:e9:08:f8:3b:
         02:e2:17:08:4a:04:70:6b:ba:d0:32:bf:b4:25:27:40:da:25:
         09:55:d2:2b:11:ca:80:4b:46:41:19:5f:9b:f3:e9:3b:59:c5:
         f6:1d:23:9b:5d:80:1b:a6:71:eb:5e:ee:1e:14:7a:36:da:78:
         26:92:f3:7c:c2:28:8c:89:1a:a3:e2:e7:9e:80:a7:88:46:ad:
         2d:84:66:ef:8a:9a:7a:18:be:05:ee:fe:df:9b:40:11:f2:be:
         a8:7a:21:f6:83:ed:96:5c:75:4f:68:9f:a4:f5:c5:c1:4b:8b:
         53:97:b2:6c:bf:4d:fe:a8:70:8b:61:ab:3f:9b:b0:93:87:a3:
         57:c0:35:d5:6d:b1:ad:77:b1:ad:da:41:74:16:00:67:8d:9e:
         36:3a:8d:66:b2:bc:de:4d:92:c6:47:c1:d7:4b:9b:ed:a8:c1:
         1e:16:5f:69:f1:64:92:51:38:30:8b:7a:22:7c:a9:18:7c:3f:
         c5:2c:a0:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSeTuOksaURYrnh6+ey3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmI3OTdjOTE0NTFiZDQzOTNiMzhhNzQyMWM2NDJlZjAwNWVjMTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyzG6OB4dwEPyL2lBDQklDmRUAA8
HXSO+HbvX9hIvsmg8ukQIKV3bwJokkK3zxy+hHLvV5SlxUAqKwnVIsbbbfIKdfb8
u9m6YIDAYyL8sE4EmAnvh+WAPoQRDrkYhvAH4SVEoSeB1jZiJ663jWBgMjXdzOTo
M7GJ3mtHk/TyM2SN7gye53pwit8SySwcVUZSQArnvqz31cXpFqtYBac49jHtyi5k
xGPktkmAhBZyBTce1kdlZFjDuHuEUO332ChutGfc5VhEJSm7NTE0wP2YXUdKDAn7
QKzEBA0wRjfZMuhN2V0fxZsGGhlwB/Tc0yR5MlZmHJ1XgtIxoPleIEbk3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFu3l8kUUb1Dk7OKdCHGQu8AXsFFMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvVzdlWHlSUlJ2VU9UczRwMEljWkM3d0Jld1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjphMA0G
CSqGSIb3DQEBCwUAA4IBAQB42XmRHwkyipSFkRUSSN4SehOsg5kBe6RLtkxt/ii1
0wtqxlajzLSnYYOfAFqLBalPYpvT/v9TjZINLtHDmmma+a7v5ekI+DsC4hcISgRw
a7rQMr+0JSdA2iUJVdIrEcqAS0ZBGV+b8+k7WcX2HSObXYAbpnHrXu4eFHo22ngm
kvN8wiiMiRqj4ueegKeIRq0thGbvipp6GL4F7v7fm0AR8r6oeiH2g+2WXHVPaJ+k
9cXBS4tTl7Jsv03+qHCLYas/m7CTh6NXwDXVbbGtd7Gt2kF0FgBnjZ42Oo1msrze
TZLGR8HXS5vtqMEeFl9p8WSSUTgwi3oifKkYfD/FLKDr
-----END CERTIFICATE-----